
ARGH! How is my guestbook still getting spammed?

brianellisrules
Sep 9, 2004, 01:45 PM
Little help?

http://www.brianellisrules.com/guestbook/

If you click on "sign the guestbook" towards the top right I took out the <form> function as well as all the fields to enter info as well as the submit/reset buttons.... What the heck??

mnkeybsness
Sep 9, 2004, 03:47 PM
A guestbook can still get spammed if someone has a program that is written to find the page or file that has the function to post to the guestbook. Spammers don't actually visit the pages to post spam feedback; they let a computer do it, which doesn't ever look at the pages.

Makosuke
Sep 9, 2004, 03:50 PM
Might want to take a look at this page:

http://www.net-security.org/vuln.php?id=3408

There's a gaping security hole in the guestbook script you're using that gives anybody administrative access to it. Took me about 20 seconds with Google and guessing "admin.php" is where the admin entrypoint is to get full admin access, and I could now do anything I want to it.

I'll also mention that in many cases a poorly secured script can allow things to be posted to it from any page, not just a page on the same server. Meaning that anybody with a dummy page that posts its data to your script could, if it doesn't check, post to it, even if you've deleted an easy interface to it from your own site.

I'd look on the site that your script is from for a fix, or else just disable it.
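The point made in the two replies above (bots post straight to the handler, and a handler that does not check where a post came from will accept it from any page) is what the following added example defends against. This is not the guestbook script from the thread and it does not fix the admin.php hole the advisory describes; it assumes the handler is named guestbook.php and appends entries to a hypothetical entries.txt file.

```php
<?php
// Added example: a minimal guestbook handler that only accepts posts that were
// made through its own form. Hypothetical file names: guestbook.php, entries.txt.
session_start();

function issue_form_token(): string {
    // Fresh random token, kept server-side in the session and embedded in the form.
    $token = bin2hex(random_bytes(16));
    $_SESSION['gb_token'] = $token;
    return $token;
}

function post_is_trusted(array $post, array $server, array $session): bool {
    // 1. The request must carry the token handed out with the form. A bot that
    //    posts directly to the handler never loaded the form, so it has none.
    //    hash_equals() compares in constant time.
    if (!isset($post['gb_token'], $session['gb_token'])
        || !hash_equals($session['gb_token'], $post['gb_token'])) {
        return false;
    }
    // 2. Belt and braces: if the browser sent Origin/Referer, it must be our host.
    $self = $server['HTTP_HOST'] ?? '';
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $h) {
        if (!empty($server[$h]) && parse_url($server[$h], PHP_URL_HOST) !== $self) {
            return false;
        }
    }
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!post_is_trusted($_POST, $_SERVER, $_SESSION)) {
        http_response_code(403);
        exit('Rejected: request did not come through the guestbook form.');
    }
    unset($_SESSION['gb_token']);   // token is single use
    // Escape on output so a posted entry cannot inject HTML into the page.
    $name = htmlspecialchars($_POST['name'] ?? '', ENT_QUOTES, 'UTF-8');
    $msg  = htmlspecialchars($_POST['message'] ?? '', ENT_QUOTES, 'UTF-8');
    file_put_contents('entries.txt', "$name: $msg\n", FILE_APPEND | LOCK_EX);
    exit('Thanks for signing!');
}

$token = issue_form_token();
?>
<form method="post" action="guestbook.php">
  <input type="hidden" name="gb_token" value="<?= $token ?>">
  Name: <input name="name"> Message: <textarea name="message"></textarea>
  <input type="submit" value="Sign">
</form>
```

Removing the visible form, as the original poster did, changes nothing for a bot that already knows the handler's URL; the token check is what makes the handler refuse requests that did not pass through the form.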

Wes
Sep 9, 2004, 04:09 PM
Very good post Makosuke, just tried what he says and it really works :/. You should get that fixed asap. Don't worry, I didn't mess up anything.

brianellisrules
Sep 9, 2004, 06:11 PM
Well, that's certainly a kick in the pants. I added a redirect as a temporary fix (since I don't have time to muck with it now).... that should be good for now, right? Anyone trying to access the guestbook directory will automatically get kicked back to the main page....

Makosuke
Sep 10, 2004, 03:30 PM
> ... that should be good for now, right? Anyone trying to access the guestbook directory will automatically get kicked back to the main page....

I expect it'd be hard to do anything with a directory if you can't view it, so the redirect should cover your rear for now.

Good luck getting it fixed eventually.